Article

Free access

A type system for object initialization in the Java bytecode language

Authors:

Stephen N. Freund,

John C. MitchellAuthors Info & Claims

OOPSLA '98: Proceedings of the 13th ACM SIGPLAN conference on Object-oriented programming, systems, languages, and applications

Pages 310 - 327

https://doi.org/10.1145/286936.286972

Published: 01 October 1998 Publication History

Abstract

In the standard Java implementation, a Java language program is compiled to Java bytecode. This bytecode may be sent across the network to another site, where it is then interpreted by the Java Virtual Machine. Since bytecode may be written by hand, or corrupted during network transmission, the Java Virtual Machine contains a bytecode verifier that performs a number of consistency checks before code is interpreted. As illustrated by previous attacks on the Java Virtual Machine, these tests, which include type correctness, are critical for system security. In order to analyze existing bytecode verifiers and to understand the properties that should be verified, we develop a precise specification of statically-correct Java bytecode, in the form of a type system. Our focus in this paper is a subset of the bytecode language dealing with object creation and initialization. For this subset, we prove that for every Java bytecode program that satisfies our typing constraints, every object is initialized before it is used. The type system is easily combined with a previous system developed by Stata and Abadi for bytecode subroutines. Our analysis of subroutines and object initialization reveals a previously unpublished bug in the Sun JDK bytecode verifier.

References

[1]

Ken Arnold and James Gosling. The Java Programming Language. Addison-Wesley, 1996.]]

Digital Library

[2]

Rich Cohen. Defensive Java Virtual Machine Version 0.5 alpha Release. Available from ht tp: / / www. c I i. corn/software / djvm/index, ht m 1, November 1997.]]

[3]

S. Drossopoulou and S. Eisenbach. Java is type safe ---probably. In European Conference On Object Oriented Programming, pages 389-418, 1997.]]

[4]

Drew Dean, Edward W. Felten, and Dan S. Wallach. Java security: from Hot Java to netscape and beyond. In Proceedings of the IEEE Computer Society Symposium on Research in Security and Privacy, pages 190-200, 1996.]]

Digital Library

[5]

Allen Goldberg. A specification of java loading and bytecode verification. In Proceedings of the Fifth A CM Conference on Computer and Communications Security, 1998. Available from http: //www. kest rel.edu/~ goldberg.]]

Digital Library

[6]

Masami Hagiya and Akihiko Tozawa. On a new method for dataflow analysis of Java Virtual M achi ne subroutines. Available from http://nicosia.is.s.utokyo.ac.j p/members/hagiya.html. A preliminary version appeared in SIG-Notes, PRO-17-3, Information Processing Society of Japan, 1998.]]

[7]

Sheng Liang. personal communication, November 1997.]]

[8]

Tim Lindholm and Frank Yellin. The Java Virtual Machine Specification. Addison-Wesley, 1996.]]

Digital Library

[9]

Greg Morrisett, Karl Crary, Neal Glew, and David Walker. From system F to typed assembly language. In Proc. PSth A CM Symposium on Principles of Pro- 9rammin9 Languages, January 1998.]]

Digital Library

[10]

qbbias Nipkow and David yon Oheimb. Javatight is Type-Safe- Definitely. In Proc. 25th A CM Symposium on Principles of Programming Languages, January 1998.]]

Digital Library

[11]

Joachim Posegga and Harald Vogt. Byte code verification for java smart cards based on model checking. In 5th European Symposium on Research in Computer Security (ESORICS), Louvain-la-Neuve, Belgium, 1998. Springer LNCS.]]

Digital Library

[12]

Zhenyu Qian. A formal specification of Java Virtual Machine instructions for objects, methods and subroutines. In Jim Alves-Foss, editor, Formal Syntax and Semantics of Java. Springer-Verlag, 1998.]]

Digital Library

[13]

Raymie Stata and Martfn Abadi. A type system for Java bytecode subroutines. In Proc. 25th A CM Symposium on Principles o/ Programming Languages, January 1998.]]

Digital Library

[14]

Vijay Saraswat. The Java bytecode verification problem. Available from http://www.research.att.com/'vj, November 1997.]]

[15]

Emin Grin Sirer, Sean McDirmid, and Brian Betshad. Kimera: A java system architecture. Available from http://kimera.cs.washington.edu, November 1997.]]

[16]

Don Syme. Proving Java type soundness. Technical Report 427, University of Cambridge Computer Laboratory Technical Report, 1997.]]

[17]

D. Tarditi, G. Morrisett, P. Cheng, C. Stone, R. Harper, and P. Lee. TIL: A type-directed optimizing compiler for ML. A CM SIGPLAN Notices, 31(5):181-192, May 1996.]]

Digital Library

Cited By

Savary AFrappier MLanet J(2013)Detecting Vulnerabilities in Java-Card Bytecode Verifiers Using Model-Based TestingIntegrated Formal Methods10.1007/978-3-642-38613-8_16(223-237)Online publication date: 2013
https://doi.org/10.1007/978-3-642-38613-8_16
Iwama FKobayashi N(2008)A New Type System for JVM Lock PrimitivesNew Generation Computing10.1007/s00354-008-0038-826:2(125-170)Online publication date: 1-May-2008
https://doi.org/10.1007/s00354-008-0038-8
Vangorp PLaurijssen JDutré P(2007)The influence of shape on the perception of material reflectanceACM Transactions on Graphics10.1145/1276377.127647326:3(77-es)Online publication date: 29-Jul-2007
https://dl.acm.org/doi/10.1145/1276377.1276473
Show More Cited By

Index Terms

A type system for object initialization in the Java bytecode language
1. Software and its engineering
  1. Software notations and tools
    1. General programming languages
      1. Language features
      2. Language types
2. Theory of computation
  1. Semantics and reasoning
    1. Program constructs
      1. Type structures
    2. Program semantics
      1. Operational semantics

Recommendations

A type system for object initialization in the Java bytecode language

In the standard Java implementation, a Java language program is compiled to Java bytecode. This bytecode may be sent across the network to another site, where it is then executed by the Java Virtual Machine. Since bytecode may be written by hand, or ...
A type system for object initialization in the Java bytecode language

In the standard Java implementation, a Java language program is compiled to Java bytecode. This bytecode may be sent across the network to another site, where it is then interpreted by the Java Virtual Machine. Since bytecode may be written by hand, or ...
A Type System for Object Initialization in the Java Bytecode Language

Comments

Please enable JavaScript to view thecomments powered by Disqus.

Information & Contributors

Information

Published In

cover image ACM Conferences

OOPSLA '98: Proceedings of the 13th ACM SIGPLAN conference on Object-oriented programming, systems, languages, and applications

October 1998

428 pages

ISBN:1581130058

DOI:10.1145/286936

Chairmen:
Bjorn Freeman-Benson
Object Technology International, Victoria, B.C., Canada
,
Craig Chambers
Univ. of Washington, Seattle

ACM SIGPLAN Notices Volume 33, Issue 10
Oct. 1998
412 pages
ISSN:0362-1340
EISSN:1558-1160
DOI:10.1145/286942
Chairmen:
Bjorn Freeman-Benson
Object Technology International, Victoria, B.C., Canada
,
Craig Chambers
Univ. of Washington, Seattle
Issue’s Table of Contents

Copyright © 1998 ACM.

Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]

Sponsors

SIGPLAN: ACM Special Interest Group on Programming Languages

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 01 October 1998

Permissions

Request permissions for this article.

Request Permissions

Check for updates

Qualifiers

Article

Conference

OOPSLA98

Sponsor:

SIGPLAN

OOPSLA98: Conference on Object Oriented Programming Systems Languages and Applications

October 18 - 22, 1998

British Columbia, Vancouver, Canada

Acceptance Rates

Overall Acceptance Rate 268 of 1,244 submissions, 22%

Upcoming Conference

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

62
Total Citations
View Citations
579
Total Downloads

Downloads (Last 12 months)75
Downloads (Last 6 weeks)12

Reflects downloads up to 16 Nov 2024

Other Metrics

View Author Metrics

Citations

Cited By

Savary AFrappier MLanet J(2013)Detecting Vulnerabilities in Java-Card Bytecode Verifiers Using Model-Based TestingIntegrated Formal Methods10.1007/978-3-642-38613-8_16(223-237)Online publication date: 2013
https://doi.org/10.1007/978-3-642-38613-8_16
Iwama FKobayashi N(2008)A New Type System for JVM Lock PrimitivesNew Generation Computing10.1007/s00354-008-0038-826:2(125-170)Online publication date: 1-May-2008
https://doi.org/10.1007/s00354-008-0038-8
Vangorp PLaurijssen JDutré P(2007)The influence of shape on the perception of material reflectanceACM Transactions on Graphics10.1145/1276377.127647326:3(77-es)Online publication date: 29-Jul-2007
https://dl.acm.org/doi/10.1145/1276377.1276473
Ramanarayanan GFerwerda JWalter BBala K(2007)Visual equivalenceACM Transactions on Graphics10.1145/1276377.127647226:3(76-es)Online publication date: 29-Jul-2007
https://dl.acm.org/doi/10.1145/1276377.1276472
Mori YIgarashi T(2007)PlushieACM Transactions on Graphics10.1145/1276377.127643326:3(45-es)Online publication date: 29-Jul-2007
https://dl.acm.org/doi/10.1145/1276377.1276433
Wu TTang CBrown MShum H(2007)ShapePalettesACM Transactions on Graphics10.1145/1276377.127643226:3(44-es)Online publication date: 29-Jul-2007
https://dl.acm.org/doi/10.1145/1276377.1276432
Sharf ALewiner TShklarski GToledo SCohen-Or D(2007)Interactive topology-aware surface reconstructionACM Transactions on Graphics10.1145/1276377.127643126:3(43-es)Online publication date: 29-Jul-2007
https://dl.acm.org/doi/10.1145/1276377.1276431
Wright CDave JGupta PKrishnan HQuigley DZadok EZubair M(2006)Versatility and Unix semantics in namespace unificationACM Transactions on Storage10.1145/1138041.11380452:1(74-105)Online publication date: 1-Feb-2006
https://dl.acm.org/doi/10.1145/1138041.1138045
Drossopoulou SLagorio GEisenbach S(2006)A flexible model for dynamic linking in Java and C#Theoretical Computer Science10.1016/j.tcs.2006.02.021368:1-2(1-29)Online publication date: 1-Dec-2006
https://dl.acm.org/doi/10.1016/j.tcs.2006.02.021
Abadi M(2006)Protection in programming-language translationsAutomata, Languages and Programming10.1007/BFb0055109(868-883)Online publication date: 26-May-2006
https://doi.org/10.1007/BFb0055109
Show More Cited By

View Options

View options

PDF

View or Download as a PDF file.

eReader

View online with eReader.

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Publication

Media

Figures

Other

Tables

View Table of Contents